ISO 27001 (or ISO/IEC 27001) is the leading international standard on information security management. As part of a wider set of related ISO (International Organisation for Standardisation) standards - the ISO 27000 series – it provides a well-defined framework to help any business create, implement, and maintain an effective information security management system (ISMS).

We’d like to start this post by saying that our thoughts are with everyone that is affected by the ongoing conflict in Ukraine. As widely reported in the news, we are also actively monitoring the increased level of malicious cyber activity related to the situation. Businesses should be under no illusions: the cyber security shock waves from the Ukraine crisis will extend across the world. It’s therefore important to stay informed and act quickly so that your business is protected.

It’s been more than two years since the first stories of COVID-19 hit the news, and so much about how we live and work has changed during that time. The global pandemic affected every area of business in economies the world over, resulting in financial losses and closures, especially for small enterprises and start-ups.

Businesses of all sizes would benefit from raising their awareness of the potential threats for the year ahead. Hackers are not only exploiting new vulnerabilities such as Log4Shell, but also continuing their use of tried-and-tested methods like phishing and attacking unpatched systems to compromise the security of businesses. There are also challenges in achieving compliance which will be a barrier for organisations looking to secure business and supply chain data.

The COVID-19 pandemic has been responsible for shifting working arrangements from fixed locations and office hours to remote working, with dispersed teams and flexible working patterns. Changing working environments has led businesses to embrace new ways to monitor their workforce's activity and productivity and ensure work goals are being met.

CHECK and CREST are two separate accreditations approved for use by the National Cyber Security Centre (NCSC), and the Council of Registered Ethical Security Testers (CREST). CHECK, which is an abbreviation of IT Health Check Service, is an NCSC initiative for protecting government and public sector systems in line with government policy.

Cloud computing is a highly convenient and cost-effective way of storing data, but it also comes with risks. Businesses often use this technology without understanding how vulnerable they are to security breaches. With the rise in cybercrimes, businesses need to be more vigilant about their data security than ever before. This article will discuss some of the most common cyber security risks associated with cloud computing and provide information on how they can be managed.

Digital cookies have become a ubiquitous tool in how websites identify visitors, understand their online behaviour, and make browsing more convenient for the user. Cookies are small text files which store data to identify your computer. Cookies aren't necessarily bad. They're useful for encryption, delivering webchats, improving marketing campaigns by personalising the content displayed, and many other digital services.

In what is being described as the most significant update to the scheme since it launched in 2014, the National Cyber Security Centre (NCSC) has announced that the technical controls for Cyber Essentials and Cyber Essentials Plus will be updated as of 24th January 2022. The change is to bring the scheme in-line with the evolving cyber security challenges that organisations now face, particularly around the adoption of cloud services and hybrid working.